cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533).
CVSS Score
5.4
EPSS Score
0.004
Published
2020-03-17
cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534).
CVSS Score
9.8
EPSS Score
0.002
Published
2020-03-17
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).
CVSS Score
6.1
EPSS Score
0.004
Published
2020-03-17
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).
CVSS Score
6.1
EPSS Score
0.004
Published
2020-03-17
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537).
CVSS Score
7.2
EPSS Score
0.005
Published
2020-03-17
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541).
CVSS Score
5.3
EPSS Score
0.002
Published
2020-03-17
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542).
CVSS Score
9.1
EPSS Score
0.004
Published
2020-03-17
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543).
CVSS Score
9.1
EPSS Score
0.003
Published
2020-03-17
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
CVSS Score
9.8
EPSS Score
0.028
Published
2020-03-17
cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499).
CVSS Score
8.8
EPSS Score
0.002
Published
2020-03-17